CVE-2020-28369

In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes Cryptbase.dll to be loaded from the user-writable location %WINDIR%\Temp.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.beyondtrust.com/privilege-management/windows-mac	Product
https://www.beyondtrust.com/trust-center/security-advisories/bt22-08	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:beyondtrust:privilege_management_for_windows:*:*:*:*:*:*:*:*

History

14 Dec 2023, 20:22

Type	Values Removed	Values Added
CWE		CWE-427
Summary		(es) En BeyondTrust Privilege Management para Windows (también conocido como PMfW) hasta 5.7, una instalación de SISTEMA hace que Cryptbase.dll se cargue desde la ubicación de escritura del usuario %WINDIR%\Temp.
CPE		cpe:2.3:a:beyondtrust:privilege_management_for_windows::::::::
First Time		Beyondtrust Beyondtrust privilege Management For Windows
References	~~() https://www.beyondtrust.com/privilege-management/windows-mac -~~	() https://www.beyondtrust.com/privilege-management/windows-mac - Product
References	~~() https://www.beyondtrust.com/trust-center/security-advisories/bt22-08 -~~	() https://www.beyondtrust.com/trust-center/security-advisories/bt22-08 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8

12 Dec 2023, 15:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-12 15:15

Updated : 2023-12-14 20:22

NVD link : CVE-2020-28369

Mitre link : CVE-2020-28369

CVE.ORG link : CVE-2020-28369

JSON object : View

Products Affected

beyondtrust

privilege_management_for_windows

CWE

CWE-427

Uncontrolled Search Path Element

7.8 /10